Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet 2.6.6 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-25613
An issue exists in Ruby up to and including 2.5.8, 2.6.x up to and including 2.6.6, and 2.7.x up to and including 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue ...
Ruby-lang Ruby
Ruby-lang Webrick
Fedoraproject Fedora 32
Fedoraproject Fedora 33
NA
CVE-2013-2274
Puppet 2.6.x prior to 2.6.18 and Puppet Enterprise 1.2.x prior to 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppetlabs Puppet 2.6.17
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet Enterprise 1.2.0
NA
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
NA
CVE-2012-3867
lib/puppet/ssl/certificate_authority.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted re...
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
NA
CVE-2012-3864
Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppet Puppet 2.6.15
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
NA
CVE-2012-3865
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet prior to 2.6.17 and 2.7.x prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server...
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
NA
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
NA
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
NA
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
NA
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »